Thursday, July 22, 2010

OCS Certificate Error

Users started receiving the following error on workstations when opening OCS.

There was a problem verifying the certificate from the server. Please contact your system administrator.

The client rebooted the server. After rebooting they started receiving the following error when opening OCS.

Cannot sign in because the server is temporarily unavailable. If the problem persists, contact the system administrator.

In the system event log on the client workstations the following error was received.

Event Type: ErrorEvent Source: CommunicatorEvent Category: NoneEvent ID: 7Date: 23/07/2010Time: 9:27:39 AMUser: N/AComputer: KTM-10Description:Communicator failed to connect to server banara.rmaust.com.au (172.25.129.25) on port 5061 due to error 10061. The server is not listening on the port in question, the service is not running on this machine, the service is not responsive, or network connectivity doesn't exist.

Resolution:Please make sure that your workstation has network connectivity. If you are using manual configuration, please double-check the configuration. The network administrator should make sure that the service is running on port 5061 on server banara.rmaust.com.au (172.25.129.25).

The reason why all these errors started spawning stems from the Digital Certificate issued to the OCS Server expiring. If you fire up MMC, add in the certificate console, go to local computer certificates and open up the certificate used for OCS it will say the certificate is expired.

Resolution

To resolve the issue generate assign a new certificate from the internal certificate authority (or from a public certificate authority) depending on how your OCS organisation is setup. In this instance we will be issuing a certificate from an internal certificate authority. The certificate request needs to be renewed on a number of OCS services. For each OCS component follow these guides from the OCSPEDIA website:

Users will continue to receive "There was a problem verifying the certificate from the server. Please contact your system administrator" until they reboot their workstation after changing the certificate on the server.